[iwar] [fc:Software.sought.to.expose.terrorist.cells]

From: Fred Cohen (fc@all.net)
Date: 2001-10-10 18:29:07


Return-Path: <sentto-279987-2849-1002763749-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 10 Oct 2001 18:30:08 -0700 (PDT)
Received: (qmail 11401 invoked by uid 510); 11 Oct 2001 01:29:00 -0000
Received: from n32.groups.yahoo.com (216.115.96.82) by 204.181.12.215 with SMTP; 11 Oct 2001 01:29:00 -0000
X-eGroups-Return: sentto-279987-2849-1002763749-fc=all.net@returns.onelist.com
Received: from [10.1.4.53] by n32.groups.yahoo.com with NNFMP; 11 Oct 2001 01:29:09 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 11 Oct 2001 01:29:08 -0000
Received: (qmail 3705 invoked from network); 11 Oct 2001 01:29:08 -0000
Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 11 Oct 2001 01:29:08 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 11 Oct 2001 01:29:08 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id SAA09164 for iwar@onelist.com; Wed, 10 Oct 2001 18:29:07 -0700
Message-Id: <200110110129.SAA09164@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 10 Oct 2001 18:29:07 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Software.sought.to.expose.terrorist.cells]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Software sought to expose terrorist cells
Adapting fraud-detection programs is a concern to some privacy advocates

BY STEVE JOHNSON
Mercury News 

In a move that has some privacy rights advocates concerned, the Pentagon
is hoping to track down terrorists with the help of a growing battery of
computer software developed to combat consumer and business fraud. 

The Defense Advanced Research Projects Agency is trying to design its
own version of the software to uncover terrorist cells that are posing
as legitimate groups and lying about such things as past employment,
education and business affiliations. 

``What is needed is intelligent agent software that is capable of
reviewing Web sites and identifying implausible or inconsistent
information,'' the agency said in an Oct. 2 public notice seeking help
from businesses or others to create the software. 

The public notice is further proof of what Bush administration officials
have said will be a different kind of war fought on many fronts.  The
campaign against terrorism will include not only bombing raids in
Afghanistan but also battles waged behind the scenes in this country. 

According to the defense agency, the software would root out suspicious
activity such as ``companies who claim contracts incommensurate with
their business history or size, companies who make unverifiable claims,
persons who have ``missing periods in their background'' and ``persons
whose positions are inconsistent with their experience.''

Other applications

The defense agency said the software also would have a wide range of
non-military applications, from spotting Medicare fraud to conducting
``business intelligence gathering about their competitors' plans and
capabilities.''

Ted Senator, who is listed on the notice as the primary military contact
for businesses interested in creating such software, referred all calls
about the matter to Jan Walker, a spokeswoman with the agency.  She was
unable to provide details about the program Tuesday. 

Based on the sketchy information provided in the notice, the
anti-terrorism software concept troubles Beth Givens, director of the
Privacy Rights Clearinghouse in San Diego. 

``I am concerned that there are going to be individuals pulled into the
dragnet who might loosely have a profile that might match that of a
terrorist,'' but who are not terrorists, she said. 

She cited a 1998 brouhaha that erupted over the U.S.  Drug Enforcement
Administration's analysis of data from an Arizona supermarket chain's
customer discount cards.  When the agency disclosed that it considered
large-scale purchases of small plastic bags as evidence of possible drug
dealing, some people were outraged. 

Ari Schwartz, associate director of the non-profit Center for Democracy
&amp; Technology in Washington, D.C., views the Pentagon's software
proposal as part of a broad and dangerous push after the Sept. 11
terrorist attacks to bolster surveillance and data gathering on
civilians. 

``They're trying to roll back the clock to the '50s, '60s and '70s, when
there were abuses'' by U.S.  government agencies, he said. 

Wording concerns

Schwartz also is concerned about some of the vague language in the
notice, including the phrase ``companies who make unverifiable claims.''
He said that could conceivably apply to so many businesses ``that
they're going to get way too much information,'' making it difficult to
find terrorists. 

Some of those familiar with existing fraud-detection software say it
wouldn't be easy to do what the Pentagon asks.  One big problem is that
relatively little is known about how terrorists operate, which could
make it hard to design software that knows what to look for. 

Although many businesses ``are just thrilled to death'' with their
fraud-detection software, said John Gill of the Association of Certified
Fraud Examiners, if it isn't written correctly ``you can get a lot of
gibberish.''

But others are optimistic about the defense agency's proposal. 

``It really looks like they know what they're doing,'' said Tom Fawcett,
a software expert at Hewlett-Packard Labs in Palo Alto, who co-wrote a
1998 paper on using artificial intelligence for fraud detection that was
cited as a reference in the notice. 

Many businesses already use fraud-detection software, which works by
essentially spotting things that don't fit normal patterns. 

Rob Jensen of HNC Software in San Diego said his company's products are
widely used by credit card firms to detect fraudulent transactions.  If
a card that is normally used to only buy clothes at stores suddenly is
used to buy lots of expensive electronic gear overseas via the Internet,
for example, the software would alert the card company that something
could be amiss.  Armed with this technology, Jensen said, credit card
firms have ``pretty much cut their fraud in half.''

Government agencies increasingly are finding the software useful. 

The National Security Agency uses it to sift through its massive trove
of eavesdropping data to search for spies and terrorists.  The FBI is
developing similar software to spot hackers attempting to invade
government computers.  And New Jersey police recently began using
software developed by Memex of Scotland to analyze a database they are
compiling of people with ties to New Jersey and to the Sept. 11 attacks,
according to Chris Byrd, an executive with Memex's U.S.  operations. 

High cost

Some data-crunching software can cost hundreds of thousands of dollars. 
But it sometimes can save a lot more, Byrd said, referring to a 1994
incident when the Defense Intelligence Agency used Memex's software to
help analyze worrisome Iraqi military maneuvers. 

At the time, Iraq's army seemed to be doing many of the same things it
did just before it invaded Kuwait four years earlier.  But when the
agency analyzed all the data, ``We could tell it was not a troop
mobilization,'' Byrd said.  Moreover, by not having to rush additional
military personnel to the region, he said, the U.S.  ``saved millions of
dollars.''

Contact Steve Johnson at <a
href="mailto:sjohnson@sjmercury.com?Subject=Re:%20(ai)%20Software%20sought%20to%20expose%20terrorist%20cells%2526In-Reply-To=%2526lt;B7E9E371.18281%25rforno@infowarrior.org">sjohnson@sjmercury.com</a>
or (408) 920-5043

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST